In this interview, Our Executive Vice President of eDiscovery, Phil Shellhaas, answers the question: How do you separate yourself when everyone has access to the same technology?

1) Improved Communication.

The simple back and forth of team communication is often the biggest factor in slowing down the process. We’ve been part of every side of this equation. We’ve done just eDiscovery, just Review, and we’ve done both. There is no comparison. When the eDiscovery and Review teams are literally on the same team, it makes every aspect of communication easier. By having a single point of contact between technology, review, outside & internal counsel, everything gets simpler. Questions get answered quickly, issues get resolved, and the process moves along without friction.

2) Core Team Speed.

By having a core team responsible for the whole process, they get to know the specifics of your business. This fosters the accumulation and retention of institutional knowledge. By gaining familiarity with your business and data custodians, it also allows them to ramp up faster, under tighter deadlines. 

3) Improved Defensibility.

A standardized process between Discovery and Review makes the operational history and process more complete and easier to obtain. The result is simple, tried and true defensibility documentation.

4) Better Product.

We’ve found that having everyone on the same team fosters the development of innovative workflows. It should come as no surprise, as the core team becomes more familiar with the data it naturally leads to greater insight. They can reuse previously processed data, streamline privilege screens, integrate guidelines from outside counsel, company acronym lists, etc.

5) Less Cost.

If cost tends to come down to one thing in Review and Discovery, it’s efficiency. Improved efficiency means less time, less hours, and less cost.  We’ve found that having a single team responsible for both is one of the most reliable methods to keep costs down.

The pervasiveness of technology in our everyday lives is unmistakable.  The next time you walk down a city street, go out for coffee or spend time at a family gathering, take a moment, and reflect upon the number of people on their mobile devices – it is astonishing!  At this moment, you may be asking yourself, how is this relevant to ethical eDiscovery – so let me explain.

In litigation there may be electronically stored information (“ESI”) that needs to be preserved, collected, processed and reviewed (collectively “eDiscovery”).  ESI can take the form of emails, servers, hard drives, mobile devices, such as cell phones, among others.

So, if a lawyer finds themselves retained for a matter that involves eDiscovery, how do they meet their ethical obligations under the New York Rules of Professional Conduct (hereinafter “Rules”).1  Well let us start with the Rules.


In evaluating the Rules, it is important to note a few things first.  Only the black letter Rules are binding upon lawyers – the Comments accompanying the Rules are not binding upon lawyers and serve as a guide to interpreting the Rules – the Preamble and Scope of the Rules are also non-binding upon lawyers and serve as a guide to interpreting the Rules.2

The most salient black letter Rule as it relates to ethical eDiscovery is Rule 1.1, “Competence.”  In relevant part it states, “(a) [a] lawyer should provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. (b) A lawyer shall not handle a legal matter that the lawyer knows or should know that the lawyer is not competent to handle, without associating with a lawyer who competent to handle it.3” Comment [8], which accompanies this Rule states, “[t]o maintain the requisite knowledge and skill, a lawyer should … (ii) keep abreast of the benefits and risks associated with the technology the lawyer uses to provide services to clients or to store or transit confidential information.” (emphasis added).

In 2014, the New York State Bar Association issued an ethical opinion that discussed the interplay between technology and the Rules – specifically, ESI in the cloud under Rule 1.6 Confidentiality of Information and Rule 1.1 Competence.4  And in 2013, another ethical opinion discussed Rule 1.1 Competency as it relates to social media and preservation of evidence.5 Both opinions providing support for the importance of competency as it relates to eDiscovery.

Accordingly, lawyers should to familiarize themselves with technology and maintain a level of technological competence to adequately advise clients on eDiscovery.  Moreover and as a helpful tip, knowing the right questions to ask of your client, vendors and opposing counsel, may be the best way to maintain competence.6

Where a lawyer lacks the requisite competency to handle eDiscovery there are three options to ethically handle the matter – (1) adequately informing themselves about eDiscovery to meet the standards of an competent lawyer7; (2) associate with a lawyer who possess the requisite eDiscovery competence8 or (3) associate with a nonlawyer9 who possesses the requisite eDiscovery competence.10 Alternatively, the lawyer should decline the representation.

Where a lawyer does associate with a nonlawyer to meet the standards of a competent lawyer, the lawyer must adequately supervise the nonlawyer to ensure the actions of nonlawyers comport with the Rules.11 Failure to adequately supervise can lead to disciplinary action.12

State and Federal Rules

In addition to the Rules, lawyers should be cognizant of the New York State and Federal Rules, which establish competency in the eDiscovery context.

The Uniform Civil Rules for the New York Supreme Court and the Commercial Division of the New York Supreme Court, with respect to the preliminary conference, require lawyers to be sufficiently versed in matters relating to their clients’ technological systems to discuss competently all issues relating to electronic discovery.13 Consequently, lack of discovery competency can result in sanctions.14

The Federal Rules of Civil Procedure, Rule 26(f)(c)(3), with respect to the discovery plan, requires lawyers to state the views and proposals on issues about disclosure, discovery or preservation of ESI, including production format.  And under Rule 26(g)(1), the lawyer of record must sign to certify that the disclosure and discovery comports with the Rule itself; failure to do so can result in sanctions under Rule 26(g)(3).

Accordingly, for a lawyer to comply with the Court Rules, they must be sufficiently well-versed in eDiscovery.

Legal Malpractice and Disciplinary Action

When looking at the Rules it is important to delineate between legal malpractice and a disciplinary action.

To state of cause of action for legal malpractice requires that the (1) lawyer failed to exercise the ordinary reasonable skill and knowledge commonly possessed by a member of the legal profession, and (2) lawyer’s breach of the duty proximately caused the plaintiff actual and ascertainable damages.15  Consequently, a violation of a disciplinary rule without more, is insufficient to support a legal malpractice cause of action.16  And a violation of the Rules does not form the basis for a legal malpractice cause of action, but some of the conduct constituting a violation of the Rules, may also constitute evidence of malpractice.17

The Rules provide a framework for the ethical practice of law.18  Moreover, the Rules state the minimum level of conduct below which no lawyer can fall without being subject to disciplinary action.19   And the failure to comply with an obligation or prohibition imposed by a Rule is a basis for invoking the disciplinary process.20

Practical TIP

In closing, I wanted to provide helpful tips to assist lawyers in meeting their ethical obligations under the Rules.

A lawyer and litigation support professional should start communicating upon commencement of the matter. They should discuss the merits of the matter and come up with an eDiscovery strategy to meet case goals.21

Transparent and clear communications are the keys to a successful eDiscovery engagement – communications should include:

  • Discovery deadlines
  • ESI protocols
    1. How and what format should the ESI be collected
    2. What format should the ESI be produced
    3. What metadata fields should we agree to produce
    4. What metadata fields should we avoid committing to produce
  • Is a forensic consultant needed
  • Document Review
    1. What is the best method to review documents given the nature of the matter, budget and time constraints
      1. linear review or technology assisted review (TAR)
      2. use of analytics – email threading and near deduplication

About the Author.

PETER J. BORELLA – is a Business Development Director with Trustpoint.One. Peter consults with corporate legal departments and law firms on areas ranging from eDiscovery and staffing to translations and court reporting. He is also a member of the Executive Board for the NYC ACEDS Chapter and currently serves as its Vice President. Peter holds a certification in eDiscovery through ACEDS, as well as two privacy certifications thought the IAPP.

1. The Rules, also known as, disciplinary rules.

2. See New York Rules of Professional Conduct (N.Y. Rule) Preamble; Scope [13]; Roy Simon & Nicole Hyland, Simon’s New York Rules of Professional Conduct Annotated, 2017 ed. 2 (2017).

3. Unlike ABA Model Rule 1.1, its progeny the N.Y. Rule 1.1(a) uses the word “should” instead of “shall”. Accordingly, the language does not mandate competent representation, but rather, competence is merely aspirational. The rationale for the “should” language is twofold – (1) every lawyer makes mistakes and a lawyer should not be subject to professional discipline for an isolated instance of incompetence; and (2) incompetence is largely policed by legal malpractice suits. Simon & Hyland, supra, at 62 – 63.  However, N.Y. Rule 1.1 (b) “puts teeth in the duty of competence by essentially prohibiting incompetent representation.” Simon, Roy, Artificial Intelligence, Real Ethics, New York State Bar Association Journal, April 2018, par. 5.

4. New York State Bar Association, Ethics Opinion 1020; see Simon, Artificial Intelligence, supra, pars. 11-13 (discussing technology as it relates to N.Y. Rule 1.6, confidential information).

5. New York County Lawyers’ Association, Ethics Opinion 745.

6. See Kristen Weil & Ronald Hedges, Ethical E-Discovery and New Technologies, New York Law Journal, March 2017.

7. See N.Y. Rule Comment 1.1 [4] – [5], [8].

8. See N.Y. Rule 1.1 (b); N.Y. Rule Comment 1.1 [6].

9. Examples of nonlawyer eDiscovery professionals include, project managers, litigation support, eDiscovery vendors, forensic engineers, among others.

10. See N.Y. Rule 5.3.

11. See N.Y. Rule Comment 5.3 [1] – [2].

12. See Matter of Jeffrey M. Jayson, 3 A.D.3d 80, 81-2, 772 N.Y.S.2d 769, 770-71 (N.Y. App. Div. 2003)

13. See 22 NYCRR 202.12(b); 22 NYCRR 202.70(g)(1)(b).

14. See Ocwen Loan Servicing v. Ohio Pub. Emps. Ret. Sys., 2015 NY Slip Op. 51775(U) (N.Y. Sup. Ct. Dec. 7, 2015) (Plaintiff sought spoliation sanctions pursuant to CPLR 3216, claiming that Defendant failed to preserve relevant electronically stored information. The Court granted Plaintiff’s motion insofar as Plaintiff requests an adverse inference instruction and further ordered Defendant pay the lawyers’ fees and costs incurred by Plaintiff in preparing the sanctions motion).

15. See Felix v. Klee & Woolf, LLP, 138 A.D.3d 920, 921, 30 N.Y.S.3d 220, 223 (N.Y. App. Div. 2016).

16. See Fletcher v. Boies, Schiller & Flexner LLP, 140 A.D.3d 587, 588, 35 N.Y.S.3d 28 (N.Y. App. Div. 2016).

17. See Swift v. Choe, 242 A.D.2d 188, 194, 674 N.Y.S.2d 17, 21 (N.Y. App. Div. 1998); N.Y. Rule Preamble; Scope [12].

18. N.Y. Rule Preamble; Scope [8].

19. N.Y. Rule Preamble; Scope [6].

20. N.Y. Rule Preamble; Scope [11].

21. A good starting point is the EDRM Project Management Framework. See

The pace of technological innovation and the explosion of electronically stored information (ESI) has forced the legal industry to adapt quickly. This is particularly true when it comes to eDiscovery.

The vast amounts of data created by email, text and social media meant eDiscovery providers themselves needed technology to deal with these new challenges. While the market is somewhat established by now, that doesn’t mean innovation is static. As we move into a new year, eDiscovery service providers must look ahead to what’s next.

Here are five eDiscovery tech trends to watch in 2019.

Tech-Certified Staff

More and more, legal teams will need versatile, multidisciplined teams during the review stage. Janice Hollman, of Relativity®, Trustpoint.One’s trusted partner, elaborated in a discussion with Legal Tech:

“In 2019, we’ll continue to see more paralegals and litigation support professionals getting certified—along with increased demand for tech-trained paralegals and lawyers.”

Privacy Tipping Point

After years of data breaches—including some high profile incidents in 2018—and privacy concerns, regulations are starting to catch up. For instance, the General Data Protection Regulation, or GDPR, recently took effect in the United States. It’s a European Union law regulating data security for data housed or transferred from the EU.

As Leonard Deutchman at the Legal Intelligencer notes, this means legal teams will need to take steps to comply with the GDPR going forward. From a technological standpoint, eDiscovery service providers will have to be up to date and in compliance with privacy laws.

However, the GDPR isn’t the only concern. Now most states have data breach standards, and California recently passed a sweeping digital privacy law that goes into effect in 2020. Therefore, it’s necessary that eDiscovery service providers are ready to incorporate data privacy protections into their processes.

Active Learning

As the amount of data collected during review increases, active learning will be valuable for reviewers. It’s a tool that is constantly learning based on reviewers’ coding decisions. It uses those decisions to identify important documents. As a project progresses and more coding decisions are made, the results are refined.

By running this and utilizing other analytics tools such as email threading and cluster visualization, reviewers can create a highly efficient workflow to sort data by issue, prepare evidence for litigation, prioritize documents for batching or allow for quality control.

Increased Translation Demands

We’re living in a global economy where companies are increasingly doing business across international borders. As Michael Swarz of Veritone suggests, this means that there will be an increased demand for quality translation services during eDiscovery. He said:

“2019 will be the year demand for translation of any ESI file—text, audio and video—will balloon to meet increasingly globalized e-discovery & compliance requirements. Firms will look for robust translation options, whether machine or human, to translate international files into the language of their choice—by location, accent and dataset—to win their case.”

Reckoning with Office 365

Many companies use Microsoft’s Office 365, which provides some limited eDiscovery tools for preservation of data, data identification and other tasks. Some in the industry, such as Phil Shellhaas, EVP of Discovery Solutions at Trustpoint.One, view the increased adoption of Office 365 as a positive.

He said: “The integration of Office 365 and their advancements in the overall toolset have allowed the collection of custodian mailboxes for downstream litigation to take place at a much more efficient pace.  No longer do we have to worry about deploying a forensic technician into a data center to manage an Exchange Database onsite with a client’s IT professional, which would result in grabbing massive amounts of data due to the limitiations on filtering onsite.  Now the data can be retrieved in a forensically sound manner, utilizing filters right from the cloud.  It is faster and more efficient.”

Conversely, a 2017 report by Gartner described these eDiscovery capabilities as “immature.” Proofpoint, an enterprise security company, also notes that its capabilities are likely fine for organizations not typically involved in litigation. Those that are could require additional support from third parties in areas such as retention management, legal hold, eDiscovery search and content sources.

Relativity has already identified this gap. Its Legal Hold feature allows eDiscovery administrators to “…preserve a custodian’s Microsoft Office 365 data, including Exchange mailboxes, OneDrive files, and Skype for Business conversations.”

No matter your assessment of Office 365, eDiscovery service providers would be wise to keep an eye on it in the coming year.

As technology evolves, Trustpoint.One always leverages cutting-edge technology and top talent to deliver streamlined eDiscovery solutions. If you need help, contact us today!

The complexity and rising costs associated with ESI and eDiscovery services are forcing innovation and market disruption with predictable pricing models, as seen in Trustpoint’s Managed Solutions offerings. There are many vendors claiming to offer similar eDiscovery managed services. They might have a bullet point on their website and may even have a web page dedicated to the model, but are eDiscovery managed services a core focus of their organization? How can you tell? One way is by examining how the eDiscovery provider allocates resources and makes money. Trustpoint is moving away from pricing its services in the traditional per-GB model, where each step in the process is more expensive than the previous, and toward aligning its interests with their clients’, making Trustpoint a true eDiscovery Managed Solutions provider. In addition to addressing the needs of any given project, the Trustpoint approach focuses on a comprehensive business solution to handle all of an organization’s projects, enabling more control over their eDiscovery business. These engagements can include a combination of workflow, technology and infrastructure support and are priced at the environment level. Following are two examples:

• In the case of an organization that wants to directly license eDiscovery software, they can engage Trustpoint to host the software, manage upgrades, storage and other IT functions, the law firm would pay a predictable flat monthly fee for this service to handle all their cases.
• Then there are multi-tenancy engagements, where groups want full control of an eDiscovery platform but do not want the upfront licensing and hardware expense. In this case, they would get administrative control and capacity for a fixed monthly fee.

To recap, rather than charging increasingly large fees due to the infinite growth of ESI that needed to be collected, accessed, managed, and stored for eDiscovery (and the enormous financial burden to clients that comes with it), Trustpoint.One delivers a non-zero-sum Managed SolutionsTM model, giving legal teams the infrastructure, technology and priority customer service they demand– but for a fixed monthly fee.


In our playbook, step one is managing your data better.

Technology is all around us, and it’s fueling the 21st century data boom. This ubiquitous technology is creating billions of pieces of communication a day.

A report by the Radicati Group, a technology market research firm, indicated that the total number of business and consumer emails sent and received per day would exceed 281 billion in 2018. Radicati forecasts that number will grow to more than 333 billion by 2022.

How does this apply to law-firms and in-house legal departments? Let’s examine how the industry is dealing with Big Data and the infrastructure required to contain and manage it.

Emails are the most prominent example of ESI–especially in the legal industry. However, there’s more to consider. For example, organizations who have moved to Microsoft 365 may still have on-premise exchange platforms, employees may keep.pst mailbox files on their local hard drives, old data may be maintained in legal-hold platforms, or terminated user data may live on networks indefinitely––not to mention content on a variety of disparate platforms like Dropbox, Google drive, SharePoint or various social media sites.

With increases in data stores, their locations, and the need for organizations “to satisfy their retention duty,” more businesses and their advocates must manage data better and limit the amount of information that makes it downstream to vendors and case teams.

A Managed Solution engagement can be customized and specifically tailored to encompass a corporation’s Information Governance (IG), Preservation and Collection needs. These engagements allow organizations to leverage professionals with extensive electronic data experience to help draft information governance plans and data maps to develop smarter preservation and collection methods.  These solutions simultaneously address retention-duty obligations and reduce data volumes that ultimately need to be reviewed.  For example:

  • Deploy a “Preservation Managed Solution” where the collection of custodians and data stores (frequently a target of document requests) are put on a regular collections schedule.  This helps with an organization’s litigation readiness and eliminates the need to recollect data. 
  • An “IG Front-End Solution” can also help in the processing and review stages of the Electronic Discovery Reference Model (EDRM) by re-purposing the data and attorney work product. Organizations can put processes in place where data that is relevant to multiple matters is processed only once. In this case, the coding decisions and work product can be reused.



As technology continues to evolve, companies have had to become more creative when it comes to managing vast amounts of data. However, technology can also be used to deal with this issue via analytical applications and tools.

Trustpoint.One takes this challenge seriously, and we’ve built our technology and software around data analytics. In practice, this approach improves eDiscovery processes by weeding out irrelevant data and keeping the most important data for litigation.

Here are four analytics strategies for eDiscovery you can implement to effectively manage data.

Email Threading

Email threading segments emails by gathering forwards, replies and reply-alls together. This makes it easy to track related emails and reconstruct email threads. Trustpoint.One’s agnostic approach to technology deployment allows for organization and management of emails using::

  • Email threads
  • People involved in an email conversation
  • Email attachments (if the Parent ID is provided along with the attachment item)
  • Duplicate emails

Redundancies can be identified by text analysis of email threads, minimizing the number of documents that need to be reviewed. This reduces the amount of data to be reviewed, and it saves money in personnel and resources, as well.

Near-Duplicate Identification

Another useful analytical tool that’s closely related to email threading is near-duplicate identification. Like email threading, near-duplicate identification is a common textual analytics tool. It calculates document similarity via the textual content of a document.

For example, this tool could identify two different types of documents, such as an email and a PDF attachment containing the same, or nearly the same, content. The value of this approach is that you can tag these documents and either group them together or exclude them based on your needs.

Near-duplicate identification can also serve as an important quality control measure. For instance, there could be a situation where reviewers have found a cache of privileged documents in the data set. But what if some of these privileged documents were missed? You could easily find near-duplicates of the documents already collected and re-review the new set for inconsistencies.

Keyword Expansion

Keyword expansion is a simple analytics tool that can help you during eDiscovery. This common practice takes your set of defined keywords and identifies conceptually similar keywords based on your data set. Note that it finds conceptually similar terms, not just synonyms of your keyword list.

This helps build on your initial keyword list, and it should give you a better understanding of the important issues related to the case. Additionally, it helps you collect documents you would have otherwise missed—for example, those containing project code names.

Along with cluster visualization, this is an expedient way to help organize your data set.

Cluster Visualization

Cluster visualization is just what it sounds like. It’s the process of displaying data in a visual graph, often using word or subject clusters.

There’s only so much information a person can interpret when looking at a table view list of documents. Cluster visualization solves that problem. The advantage of this strategy is that it allows for reviewers to analyze and gain insights from data at a glance, making it much more efficient.

Additionally, it’s helpful for sorting information during eDiscovery—especially data with conceptual content instead of numerical data. You can quickly see which subjects in the data set appear most frequently, and you can also group conceptually similar documents.

Reviewers can further sort data by overlaying keywords to identify and flag the clusters that correspond to relevant terms. Overall, this will facilitate a better understanding of a case.

Are these four strategies part of your eDiscovery routine? If not, Trustpoint.One can handle your eDiscovery needs and more. Contact us today for more information.

Anywhere there’s sensitive information on the Internet, there is also a chance of a data breach. Recently, companies such as Under Armour, Panera and Macy’s have made headlines due to data breaches. They’re becoming a regular occurrence for companies and consumers.

The Identity Theft Resource Center has been tracking data breaches since 2005. From 2005 to Aug. 31, 2018, there have been a total of 9,395 data breaches, exposing more than 1 billion records.

While consumer data breaches related to big B2C brands are highly publicized, corporate eDiscovery data presents another target for hackers. Data involved with the eDiscovery process often contains valuable information such as intellectual property and trade secrets. Therefore, it’s important to take the proper steps to protect it.

Here are four ways to protect corporate eDiscovery data.

A Culture of Security

Sensitive data is easier to protect when everyone in the company is on board. This is the foundation of secure data. Employees—no matter their status—have to be aware of the ways they could potentially put their company at risk.

Executives are often targets because of their access to valuable knowledge and influence within organizations. Despite this, many are not invested in cybersecurity. A survey of 9,500 executives found only 39 percent have a hand in setting cybersecurity policies and just 31 percent actively review cybersecurity risks.

Get everyone on the same page with a formal internet policy for your organization. Make it clear what practices—say, accessing personal email accounts—are not allowed at the office nor on any company devices. It might be helpful to consult an IT specialist when drawing up these rules. If you already have a policy in place, regularly communicate with employees about cybersecurity risks, hold meetings and ask the IT department to speak about the issue.

This way, everyone from top to bottom will feel a duty to keep data safe.

Hygienic and Secure Collection

As John deCraen, senior director at Alvarez & Marsal, and Nik Balepur, solutions architect at Relativity®, discussed in their talk about cybersecurity and eDiscovery, you can mitigate risks with hygienic and secure collection methods.

What does this look like?

During collection, equipment with no other data on it should be used. Data should also be saved with encrypted media and standardized methods, such as randomly generated passwords. If the data is encrypted at the time of collection, it should protect personal or sensitive data. In case of hardware failure during transit, copies should be made of the data being collected.

Additionally, as deCraen and Balepur note, advanced malware scanning should be employed for imports and infected file protocols, and reporting should be clearly stated so infected files can be dealt with expediently and effectively, too.

Secure collection protects data, but an emphasis on security must also continue after collection

Controlled Data Access

The more people involved with handling eDiscovery data, the more opportunities there are for data breaches.. Once the data has been collected, access should be strictly limited to staff working directly on the case. Make sure your permissions are set up correctly via user/role-based accesses to accomplish this.

Naturally, eDiscovery providers should have high security certifications and the infrastructure necessary to keep data safe.

A Trusted, Certified Partner

Your data, and your clients’ data, is too important to leave in the hands of someone you don’t trust. This is why Trustpoint.One offers industry-leading security across our entire hosted platform environment, including Relativity and other eDiscovery tools.

Furthermore, our operating environments are certified with these security protections: certified SOC 2 Type 2, ISO 27001, Privacy Shield and HIPPA certified. Not every company has all of these protections to limit access to data.

If you have eDiscovery needs and want to stop worrying about your data, contact Trustpoint.One. We make sure you data is secure, so you feel the same way

It can be difficult enough to mechanically sort through hundreds or even thousands of digital documents while preparing for litigation. However, if you’re working with clients abroad, you’ll also need to comply with international standards, which can complicate the process further.

If your work involves international business, you’re likely familiar with the EU-US Privacy Shield.

Keeping with today’s modernized global culture, the agreement sets forth agreed-upon tenets for the international transmission of data, as outlined in the Privacy Shield Framework Program Overview. This ensures personal information that is transferred across the Atlantic from Europe to the U.S. for business-related purposes is protected by both countries.

To maintain a healthy flow of business between the continents, the agreement requires U.S. regulatory bodies to work with the EU in the interest of their citizens’ data protection, and must also offer satisfactory rectification of any situation where their data has been exploited.

A Brief History

The rise of digital data transmission brought about discussions of how to maintain citizens’ rights to privacy in the U.S. and abroad. These discussions and meetings between international leaders culminated in the International Safe Harbor Privacy Principles, an agreement crafted between 1998 and 2000 with a similar intent as the EU-US Privacy Shield.

It was formerly accepted by the European Commission, an EU institution responsible for proposing legislation and implementing decisions, in July of 2000. However, in the ensuing years, there were questions about compliance, and it was deemed outdated in 2015. The EU-US Privacy Shield was developed to take its place with updated provisions, but the agreement was not without controversy.


If you’re working with a client who does business overseas, you can save everyone a headache and direct them to self-certify via the Privacy Shield Principles, if they have not already. Though you and your client may already be complying with these standards, having the seal of approval is a helpful way to instill faith in you and your client. Anyone using Privacy Shield Principles can also easily access and connect with a list of businesses who are also certified.

Most Recent Annual Review

The EU-U.S. Privacy Shield is subject to an annual review to maintain updates and discuss the effectiveness of the agreement. The second and most recent annual review occured on Oct. 19, 2018, in Brussels, where a meeting and review was held between U.S. government leaders, the European Commission their data protection authorities.

According to a press release announcing the meeting, “Since the Shield came into effect on 1 August 2016, nearly 4,000 U.S. companies have self-certified,” though the future of the agreement is uncertain at this point.

Trustpoint.One offers peace of mind through industry-leading security across our entire hosted platform environment. To protect your data, we’re not only Privacy Shield certified, but also SOC 2 Type 2, ISO 27001 and HIPPA certified, as well.

Contact us today to see how Trustpoint.One can help you during eDiscovery.